Rising Kaka Security Forum

Home » Technical Exchange » Anti-virus / Anti-rogue-software Forum » [Help] Trojan.Spy.Agent.xv can't be removed and far too many people have it, experts please help!!!
早上的月亮 - 2006-2-21 11:20:00
I've caught this virus too. Not only can't Rising clean it up completely, regedit also starts by itself on every boot. Experts, please advise. Thanks!
Logfile of HijackThis v1.99.1
Scan saved at 11:16:21, on 2006-2-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rfw\rfwmain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\3721\Dlaccel\YDownloader.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSNShell\BIN\MSNShell.exe
C:\Program Files\XunchiTools\Powerword 2006\XDICT.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\Program Files\P4P\p2psvr.exe
C:\Program Files\Common Files\COMM\Network.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Rising\Rav\Rav.exe
C:\Program Files\Rising\Rav\RsLogVw.exe
C:\Documents and Settings\sap\桌面\155847200541134207\HijackThis.exe

R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: SgUrlSearHook Class - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - C:\WINDOWS\system32\socul.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v6.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\WINDOWS\Downloaded Program Files\Biamzq.dll (file missing)
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: AntiFish Class - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O2 - BHO: DragSearch BHO - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\yisou\yisoub.dll
O3 - Toolbar: 一搜工具条 - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program Files\yisou\yisou.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O3 - Toolbar: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\BitComet\BitCometBar\BitCometBar0.3.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] rem C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [dl_accel] C:\Program Files\3721\Dlaccel\YDownloader.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [mscfs] RUNDLL32 C:\WINDOWS\system32\msibm\cfsys.dll,cfs
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSNShell] C:\Program Files\MSNShell\BIN\MSNShell.exe autorun
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: 金山词霸 2006 Plus.lnk = C:\Program Files\XunchiTools\Powerword 2006\XDICT.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: !搜一搜 - res://C:\Program Files\yisou\yisou.dll/232
O8 - Extra context menu item: &使用下载加速专家下载 - C:\Program Files\3721\Dlaccel\geturl.htm
O8 - Extra context menu item: Save豪杰超级解霸V8实时播放 - C:\Herosoft\HeroV8\MPURLGET.HTM
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 百度mp3搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度信息快递搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIE.HTM
O8 - Extra context menu item: 百度图片搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 豪杰超级解霸V8实时播放 - C:\Herosoft\HeroV8\MPURLGET.HTM
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/246
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=208680_1006 (file missing)
O9 - Extra button: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=?allyesPara=816 (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/?source=Cns (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O11 - Options group: [CDNCLIENT]  中文上网
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://99liao.com/talk.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AADBFE0-84EC-44B1-B077-331EE832FF36}: NameServer = 202.96.209.6 202.96.209.133
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\P4P\p2psvr.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Network System (Universal Disk Manager) - COMENET TECHNOLOGY - C:\Program Files\Common Files\COMM\Network.exe

早上的月亮 - 2006-2-21 12:06:00
Virus name | Result | Found | Scan type | Path / file | Source
Backdoor.Gpigeon.vqf | Deleted successfully | 2006-02-21 11:36 | Scheduled scan | F:\System Volume Information\_restore{3C117C91-95A1-43BC-97CD-7192F0F63A43}\RP92A0029772.exe>>soft\yy.exe | Local machine

I also caught one of these, and it won't clean up either. Is there any way to fix it?
命运里の金色 - 2006-2-21 12:50:00
[Reply to "早上的月亮"'s post]
R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: SgUrlSearHook Class - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - C:\WINDOWS\system32\socul.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\WINDOWS\Downloaded Program Files\Biamzq.dll (file missing)
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O4 - HKLM\..\Run: [mscfs] RUNDLL32 C:\WINDOWS\system32\msibm\cfsys.dll,cfs
O23 - Service: Network System (Universal Disk Manager) - COMENET TECHNOLOGY - C:\Program Files\Common Files\COMM\Network.exe
Suggest using HijackThis to fix the entries above, with IE closed.

DEL executable file
C:\Program Files\Common Files\COMM\Network.exe

DEL DLL files
C:\WINDOWS\system32\socul.dll
C:\WINDOWS\system32\wmpdrm.dll
C:\WINDOWS\system32\msibm\cfsys.dll

DEL folders
C:\WINDOWS\system32\msibm
C:\Program Files\Common Files\COMM

I'd also suggest uninstalling 3721, Yahoo Assistant and Internet Keywords (网络实名) yourself; they're harmless as such, but they hurt system performance.

As for the other virus you mentioned later, just turn off System Restore.
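The reply above picks out a handful of R3/O2/O4/O23 entries from a long HijackThis log by hand. As an added example (not code from this thread, from HijackThis or from Rising), the Python script below does the same triage mechanically: it parses HijackThis v1.99.1 log lines, records whether HijackThis itself reported the target as "(no file)" or "(file missing)", and flags every entry whose target is missing or whose path is on a caller-supplied suspect list. The sample log and the suspect list are constructed from lines quoted in this thread; the line-format rules are assumptions drawn from the entry shapes visible here, not from HijackThis documentation.

```python
"""HijackThis log triage: flag missing targets and suspect paths.

Added example for this thread; it is not part of HijackThis or Rising.
Parsing rules are assumptions based on the v1.99.1 line shapes seen here:
  R3/O2/O3/O23:  "<kind>: <name> - <CLSID or vendor> - <path>"
  O4 Run keys:   "<hive>\..\Run: [<name>] <command line>"
  O10 LSP:       "Unknown file in Winsock LSP: <path>"
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Leading "R3 - " / "O23 - " token of a HijackThis entry line.
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
# Trailing status marker, including the " - " that precedes a bare "(no file)".
MISSING_RE = re.compile(r"(?:\s*-)?\s*\((?:no file|file missing)\)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]+\}")


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O2"
    kind: str     # e.g. "BHO", "HKLM\\..\\Run", "Service"
    name: str     # display name or bracketed Run-key value name
    target: str   # file path or full command line ("" when HJT had no path)
    missing: bool # HijackThis reported "(no file)" / "(file missing)"


def parse_hjt(text: str) -> list[Entry]:
    """Parse every HijackThis entry line in `text`; other lines are skipped."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        missing = MISSING_RE.search(body) is not None
        body = MISSING_RE.sub("", body)
        kind, sep, rest = body.partition(": ")
        if not sep:
            continue
        if section == "O4" and rest.startswith("["):
            # Run-key entry: "[value name] command line"
            name, _, target = rest[1:].partition("] ")
        elif " - " in rest:
            # "name - {CLSID} - path" or "name - vendor - path"
            head, _, target = rest.rpartition(" - ")
            name = head.split(" - ")[0]
        else:
            # Single-field entries such as the O10 Winsock LSP line.
            name, target = "", rest
        target = target.strip()
        if missing and CLSID_RE.fullmatch(target):
            target = ""  # "(no file)" entries carry only a CLSID, no path
        entries.append(Entry(section, kind, name, target, missing))
    return entries


def flag_entries(entries: list[Entry], suspect_paths: list[str]) -> list[Entry]:
    """Entries whose target is missing or mentions any suspect path fragment."""
    needles = [p.lower() for p in suspect_paths]
    return [
        e for e in entries
        if e.missing or any(n in e.target.lower() for n in needles)
    ]


def fix_list(entries: list[Entry], suspect_paths: list[str]) -> list[str]:
    """Human-readable lines for the entries a reviewer would ask to fix."""
    return [
        f"{e.section} - {e.kind}: {e.name or '(no name)'} -> "
        f"{e.target or '(no file)'}{' [missing]' if e.missing else ''}"
        for e in flag_entries(entries, suspect_paths)
    ]


# Constructed sample log, assembled from lines quoted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: SgUrlSearHook Class - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - C:\WINDOWS\system32\socul.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\WINDOWS\Downloaded Program Files\Biamzq.dll (file missing)
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O4 - HKLM\..\Run: [mscfs] RUNDLL32 C:\WINDOWS\system32\msibm\cfsys.dll,cfs
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O23 - Service: Network System (Universal Disk Manager) - COMENET TECHNOLOGY - C:\Program Files\Common Files\COMM\Network.exe
"""

# Suspect path fragments: the files the reply above tells the poster to delete.
SUSPECT_PATHS = ["socul.dll", "wmpdrm.dll", r"msibm\cfsys.dll", r"COMM\Network.exe"]

if __name__ == "__main__":
    for line in fix_list(parse_hjt(SAMPLE_LOG), SUSPECT_PATHS):
        print(line)
```

Entries that HijackThis already marks as missing are flagged regardless of the suspect list, because a registered BHO or URLSearchHook whose DLL is gone is dead weight that should be removed anyway. Benign entries such as ctfmon.exe and the QQ helper are left alone unless a fragment on the suspect list matches them.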
2116bromgamed2m - 2006-2-21 13:49:00
[Reply to "早上的月亮"'s post]

End the process: C:\Program Files\Common Files\COMM\Network.exe
贪睡的猫咪 - 2006-2-21 16:25:00
Thanks, experts. So far the virus alert dialog hasn't popped up again.
贪睡的猫咪 - 2006-2-21 16:28:00
Thanks everyone, it's not showing up any more.
早上的月亮 - 2006-2-21 16:37:00
It still doesn't work for me. I followed your steps, but I can't fix it with HijackThis either. Please take another look at my exported report:
Logfile of HijackThis v1.99.1
Scan saved at 16:35:04, on 2006-2-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\3721\Dlaccel\YDownloader.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSNShell\BIN\MSNShell.exe
C:\Program Files\XunchiTools\Powerword 2006\XDICT.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\Program Files\P4P\p2psvr.exe
C:\Program Files\Common Files\COMM\Network.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Rising\Rav\Rav.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\sap\桌面\155847200541134207\HijackThis.exe

R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: SgUrlSearHook Class - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - C:\WINDOWS\system32\socul.dll (file missing)
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v6.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\WINDOWS\Downloaded Program Files\Biamzq.dll (file missing)
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O3 - Toolbar: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\BitComet\BitCometBar\BitCometBar0.3.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] rem C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [dl_accel] C:\Program Files\3721\Dlaccel\YDownloader.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\RunOnce: [uninsrest] C:\DOCUME~1\sap\LOCALS~1\Temp\uninrest.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSNShell] C:\Program Files\MSNShell\BIN\MSNShell.exe autorun
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: 金山词霸 2006 Plus.lnk = C:\Program Files\XunchiTools\Powerword 2006\XDICT.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用下载加速专家下载 - C:\Program Files\3721\Dlaccel\geturl.htm
O8 - Extra context menu item: Save豪杰超级解霸V8实时播放 - C:\Herosoft\HeroV8\MPURLGET.HTM
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 百度mp3搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度信息快递搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIE.HTM
O8 - Extra context menu item: 百度图片搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 豪杰超级解霸V8实时播放 - C:\Herosoft\HeroV8\MPURLGET.HTM
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=208680_1006 (file missing)
O9 - Extra button: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=?allyesPara=816 (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/?source=Cns (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://99liao.com/talk.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AADBFE0-84EC-44B1-B077-331EE832FF36}: NameServer = 202.96.209.6 202.96.209.133
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\P4P\p2psvr.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Network System (Universal Disk Manager) - COMENET TECHNOLOGY - C:\Program Files\Common Files\COMM\Network.exe

And the DLL and EXE files are write-protected, so it won't let me delete them manually. What should I do?
国际刑警 - 2006-2-21 16:57:00
[Trojan.Spy.Agent.xv can't be removed]
Process list

[System Process]
System
C:\WINDOWS\system32\Ati2evxx.exe (Made by ATI Technologies Inc.)
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe (Made by Yahoo!)
C:\Program Files\Common Files\COMM\Network.exe (Made by COMENET TECHNOLOGY)
G:\mxxx\MxXX.EXE

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Herosoft\HeroV8\SYSEXPLR.EXE
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
H:\系统软件\Photoshop7.1\Photoshop\Setup.exe
E:\Program Files\《墨香》\MHClient-Connect.exe
C:\Herosoft\HeroV8\STHSDVD.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\RavDetect.exe

December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
invalid string position
string too long
8D)wx/W
.{yL%qB
Jw:E2S/T
HdH(!>
rGetStringTypeW
LoaderDll.dll
ConnServ
h(((( H
((((( H
h(((( H
H
iciNWq
Ze2Zh@
A4x{%`
BFUa.X
w``u N
.?AVexception@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVtype_info@@
.?AVout_of_range@std@@
C:\Program Files\Internet Explorer\iexplore.exe
((((((((((((((((((((((((((
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
G:\mxxx\GameHook.DLL
8"8.878
=:>L>S>
.0=0D0
1#1Z1`1
1#2-2Q2_2j2{2
3)3B3I3y3
4)4.4E4U4`4p4{4
=_=}=W>
?#?*?1?:?S?X?e?s?
1%161C1T1e1
2 262D2O2a2
3-363{3
4'4.4W4_4e4
5#5-5?5^5g5q5x5}5
6%6,62686?6F6L6V6`6g6l6s6
7#717:7H7N7]7
=N>Y>t>{>
? ?$?(?r?x?|?
4'4/4F4T4Y4c4
5I5N5X5
5.6H6_6
7;7E7W7
8\8n8v8
;";*;I;O;Z;c;
(4]4g4
5!5/575H5R5Z5
6?6K6u6
8#80868;8D8J8
:':-:P:W:p:
3!4'414K4Q4Z4a4u4
5,575>5D5L5W5^5f5l5}5
5G6M6j6
6?7E7f7
8+8C8~8
9#9A9c9q9
:*:|:R;k;
=V=f=r=y=
>.>E>K>X>d>k>t>{>
>[?`?z?
00c0}0
1+1J1\1h1x1
5'5-52585E5b5h5s5x5
6 6&676
65:;:v:
= >,>D>[>h>
?-?J?b?y?
0)00070@0]0r0x0
1#1/1e1m1u1
222N2f2
3*3:3R3c3|3
545;5L5S5a5u5
;$;/;A;L;^;i;z;
>3>e>l>p>t>x>|>
0 0+040^0
1!2Z2`2g2m2t2z2
3,767C7`7k7
8!898Y8k8
3 4(4,44484H4P4T4\4`4l4p4|4
6@8P8x8
3\4`4h4
5 5054585P5T5X5l5|5
6T6d6x6
7$707H7T7l7
00141P1X1\1
|kernel32.dll
kernel32.dll
GetProcAddress
GetModuleHandleA
LoadLibraryA
ws2_32.dll
user32.dll
oleaut32.dll
kernel32.dll
SetTimer
VariantChangeTypeEx
RaiseException
HrCg@b
rin5gX
{+$WSZ
$;=HBu,
t/`)x*
48`lIn
s COpy~
1983t,
BbxXCK
0w304K
|ot=pe
`x"t#p
EDiv yZ@
zblE:a&
r4ylXe
BFaHod
,P]xOM
u4V2PF
;A|oxr
TV0P7hH
*lD{,pY
LX24 P$p\
S'"|FX
60%?)+
Nz1=Jt
X1`of\5"
pY8m J
CLSID\
hmHg,0
y[] 9&
XnV2BT
GCR(%;
Y [e+%
n^LRS:y
([`@4vNX
@HIJKL
PQRST`U
jklmnp
stuvwxy
123456
+/= $&()p
{},;:-
BJHwe
lm|/@Z9
0\^hR0?3"s
!4``yK
A'qCak
(*zv;54
ache:
r*vB2`|
IV)$#\
r~LUpx
"'st^>
se256T
$|t`+A#
PMarnxg
keyq.i
\f6/.W
,gRv 9/;
|e>=9
JYs'{E
/`2wCy
:V5`!z@
Z_K{}B
v,z@s-}
10:Bph
P#0?sB
duct]\_
Trans`
iq=;I
7"@DIR
vd!Lii
GL w"@M
Ad>!o,
R/ nk@
(%E?>a
FRxOv:
SO-8'59
t"qRep8
dpq9jlJ
r=;[y%
d{@31;&
h&BPzg{
5jk2:`
MB)OZq*
CJ*D/S
B!1^i'=
z\{%b2
2_Acou~l9j
it&"%!
084 Dh&
"%?vW19
RA# D_l
#1dV;%D
L$SH^9
B;`W`m
MkJl+Q
.$\G7=
t^Sb3H
jaAL^r
usC) 8
"2i]fK
D=P5'T-@-
VSb:>U2f
.FIX85
(08@P`p
*l! oQ
tream;
#8"d$X
OFiYj?
IZKWH:
Lmp$0*+
tdD@4@
STWXZVd
bvp3lq
N V$jH|
5$#6H>
ern0l32.
p"CKzR
gK2yb@z
$qpR&jf|'
:vBxJzR|
'!G)g3
b?rhtxvs
(93M:V;\
)t?v]x
t#v;xDz
'+G9g:@
:&`.O6
z@|D~H
>D?L%P
"'&G*g.
/=oNtP
l*90p:
sCuawj
D0,F%8
918/S
?( ,.0
'5L`zR
gR>pLs
a,Z=uw{
h&Tu:Ea*
eRP=$[
I0FaK$
k18=1}6s
ViGtua
=cp,Ex
CfM)?ag
?brmuhSQo
C8AdPi
h6)JxYt
]/I=k1>
::Hr5kx
?m+-h}
3D`M^W8U
o'x%(&2
{l(74sHn
=zn#uQ
j[M!N
pa^VE.
]Of7*3
]w:"8A
>yp*O_v|
0WSf(?
Q)#j]'
epSp [
@$JL`G
0j`LY?
cK"-t:+CXC
O.9(|T
:vfB^=
VS_VERSION_INFO
StringFileInfo
080404b0
FileDescription
LoaderDl
FileVersion
2, 1, 0, 0
InternalName
LoaderDl
LegalCopyright
(C) 2005
OriginalFilename
LoaderDl.dll
ProductName
LoaderDl
ProductVersion
2, 1, 0, 0
VarFileInfo
Translation
C:\WINDOWS\DOWNLO~1\cnsplus.dll (made by 3721)
t9HuAV
SS@SSPVSS
t#SSUP
t$$VSS
_^][YY
VWuBhxd
t.;t$$t(
VC20XC00U
PPPPPPPP
PPPPPPPP
C:\Program Files\Internet Explorer\iexplore.exe
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
((((((((((((((((((((((((((
((((( H
C:\WINDOWS\system32\wmpdrm.dll (made by Allsum Info. Tech. Ltd.)
L$4QWR
T$0RWh
D$$QPU
R(_^[]
L$,_^[
\$$t*;
L$ _^]
9|$$t-
L$@_^]d
M|PPPPPP
U|PPPPPPP
MxQPPPR
t.;t$$t(
VC20XC00U
QQSVWd
HHt`HHt\
sVS;7|B;w
F,98uX
t!SS9]
QQSVW3
t#SSUP
t$$VSS
_^][YY
VWumh8G
PPPPPPPP
PPPPPPPP
WWWWVSW
t2WWVPVSW
HHtjHHtF
jjjjjj
jjjjjjj
.?AVCAtlException@ATL@@
msibm.dll
msibm.dll
msibm.dll
Explorer.EXE
ctfmon.exe
CONIME.EXE
hkcmd.exe
daemon.exe
ccApp.exe
taskmgr.exe
internat.exe
mprexe.exe
msgsrv32.exe
taskmon.exe
systray.exe
iexplore.exe
Maxthon.exe
tm.exe
TMShell.exe
TTraveler.exe
myie.exe
myie2.exe
firefox.exe
netscape.exe
opera.exe
qq.exe
msnmsgr.exe
Popo.exe
UC.exe
YPager.exe
Lite.exe
gaim.exe
rtxc.exe
IMU.exe
MyIM.exe
KAV32.exe
RavCopy.exe
kvolself.exe
KVSrvXP.exe
LuComServer_2_5.exe
Poco2004.exe
Thunder.exe
eph.exe
p2psrv.exe
vpp.exe
BitComet.exe
BitTorrent.exe
BitSpirit.exe
btogether.exe
kuro.exe
kugoo.exe
emule.exe
Skype.exe
Dudu.exe
baiduX.exe
abc.exe
foxmail.exe
msimn.exe
conf.exe
OUTLOOK.exe
FlashFXP.exe
CuteFTP.exe
LeapFTP.exe
NetTransport.exe
netants.exe
flashget.exe
ServUTray.exe
Apache.exe
ApacheMonitor.exe
realplay.exe
wmplayer.exe
winamp.exe
foobar2000.exe
irc.exe
mirc.exe
Aol.exe
AnyQ.exe
QQMail.exe
QQexternal.exe
QQMusic.exe
TTplayer.exe
nettv.exe
stv.exe
starTV.exe
Sentinel.exe
MeteorNetTV-hj.exe
realsched.exe
winamp.exe
Poco2004.exe
Thunder.exe
eph.exe
p2psrv.exe
vpp.exe
BitComet.exe
ctfmon.exe
explorer.exe
.?AVtype_info@@
C:\Program Files\Internet Explorer\iexplore.exe
((((((((((((((((((((((((((
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
C:\WINDOWS\system32\cdnns.dll
D$0SUV
T$@_^]
SS@SSPVSS
t#SSUP
t$$VSS
_^][YY
VWuBh4T
"WWSh@T
t.;t$$t(
VC20XC00U
FNSPStartup
Rnr20.dll
C:\Program Files\Internet Explorer\iexplore.exe
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
((((((((((((((((((((((((((
EnableIdn
Software\CNNIC\CdnClient\Console
Rnr20.dll
CNNIC Name Space Provider
C:\WINDOWS\system32\wint\wint.dll
命运里の金色 - 2006-2-21 17:12:00
[Reply to "早上的月亮"'s post] First fix the items I told you to fix, as shown in the picture below.

After a reboot those files can be deleted.

Attachment: 4147582006221171216.jpg
风逝haha - 2006-2-21 20:04:00
[Reply to "命运里の金色"'s post]
None of the folders you mentioned contain a unist.exe uninstaller, but C:\WINDOWS has lots of unist.exe folders shown in blue. How do I handle those?
Also, C:\WINDOWS\system32\wmpdrm.dll
C:\WINDOWS\system32\msibm\cfsbho.dll
C:\WINDOWS\system32\obwbkya.dll could not be found. Everything else I did find has been deleted.
风逝haha - 2006-2-21 20:07:00
Those web pages are still popping up. What do I do?
命运里の金色 - 2006-2-21 21:41:00
[Reply to "风逝haha"'s post] C:\WINDOWS\system32\wmpdrm.dll
C:\WINDOWS\system32\msibm\cfsbho.dll
C:\WINDOWS\system32\obwbkya.dll
Turn on "show hidden files" and look for them.

Attachment: 4147582006221214143.jpg
风逝haha - 2006-2-21 22:40:00
[Reply to "命运里の金色"'s post]
Did as you said, still no such folders. Also, C:\WINDOWS has lots of small unist.exe folders in blue that keep appearing and disappearing. What do I do with them? Many thanks.
早上的月亮 - 2006-2-22 1:17:00
[Reply to "命运里の金色"'s post]
Many thanks for the expert guidance; no virus has been detected since. But a new problem has come up: you told me to remove Internet Assistant (上网助手), and now web pages called "http://nusports.cn/tuiguangtanchu" and "http://www.chinahr.com" keep popping up, and I can't block them with Kaka Security Assistant either. Also, the registry editor still starts by itself after boot.
早上的月亮 - 2006-2-22 1:23:00
Adding the process list:
Logfile of HijackThis v1.99.1
Scan saved at 1:22:31, on 2006-2-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSNShell\BIN\MSNShell.exe
C:\Program Files\XunchiTools\Powerword 2006\XDICT.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\Program Files\P4P\p2psvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\sap\桌面\155847200541134207\HijackThis.exe

R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: SgUrlSearHook Class - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - C:\WINDOWS\system32\socul.dll (file missing)
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v6.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\WINDOWS\Downloaded Program Files\Biamzq.dll (file missing)
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll (file missing)
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O3 - Toolbar: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\BitComet\BitCometBar\BitCometBar0.3.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] rem C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [AddrPlus3] C:\PROGRA~1\TENCENT\AdPlus\Runner.exe C:\PROGRA~1\TENCENT\AdPlus\QAHook1.dll Rundll32
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSNShell] C:\Program Files\MSNShell\BIN\MSNShell.exe autorun
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: 金山词霸 2006 Plus.lnk = C:\Program Files\XunchiTools\Powerword 2006\XDICT.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用下载加速专家下载 - C:\Program Files\3721\Dlaccel\geturl.htm
O8 - Extra context menu item: Save豪杰超级解霸V8实时播放 - C:\Herosoft\HeroV8\MPURLGET.HTM
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 百度mp3搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度信息快递搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIE.HTM
O8 - Extra context menu item: 百度图片搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 豪杰超级解霸V8实时播放 - C:\Herosoft\HeroV8\MPURLGET.HTM
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=208680_1006 (file missing)
O9 - Extra button: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=?allyesPara=816 (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/?source=Cns (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AADBFE0-84EC-44B1-B077-331EE832FF36}: NameServer = 202.96.209.6 202.96.209.133
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\P4P\p2psvr.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Network System (Universal Disk Manager) - Unknown owner - C:\Program Files\Common Files\COMM\Network.exe (file missing)

2116bromgamed2m - 2006-2-22 1:36:00
[Reply to "早上的月亮"'s post]
Fix:

O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: Network System (Universal Disk Manager) - Unknown owner - C:\Program Files\Common Files\COMM\Network.exe (file missing)
Delete: C:\WINDOWS\system32\wmpdrm.dll
and the folder C:\Program Files\Common Files\COMM\
命运里の金色 - 2006-2-22 7:18:00
[Reply to "早上的月亮"'s post] Please follow my earlier reply; some of the entries still aren't fixed, and some files haven't been deleted.
命运里の金色 - 2006-2-22 7:20:00
Quote:
[风逝haha's post] [Reply to "命运里の金色"'s post]
I did as instructed, and those folders still aren't there. Also, C:\WINDOWS has a lot of small "unist.exe" folders shown in blue text that keep flickering in and out; what should I do about them? Many thanks.
...........................
Like the ones in the picture? Those are normal.

Look for them in Safe Mode, or use KillBox: paste the path in and try deleting. If you really can't find them, forget it.

Attachment: 414758200622272047.jpg
叶子MM - 2006-2-22 9:36:00
I found that a file called linbak.dll is also generated under c:\windows\system32\bakcfs and c:\windows\system32\msibm.
Why do the earlier posts only have a linbak.txt file?
命运里の金色 - 2006-2-22 10:50:00
[Reply to "叶子MM"'s post]
C:\WINDOWS\system32\msibm
C:\WINDOWS\system32\spoolsv\
C:\WINDOWS\system32\bakcfs\
C:\WINDOWS\system32\msicn\
Delete all of these that you can find.
早上的月亮 - 2006-2-22 10:53:00
[Reply to "命运里の金色"'s post]
Some of the "no file" or "file missing" entries should already count as fixed, right? I ran into one stubborn entry: O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
I've rebooted several times and it just won't get fixed. And about 3 seconds after I manually delete C:\WINDOWS\system32\wmpdrm.dll, it reappears. It's a real headache!
命运里の金色 - 2006-2-22 13:25:00
[Reply to "早上的月亮"'s post]
C:\WINDOWS\system32\msibm
C:\WINDOWS\system32\spoolsv\
C:\WINDOWS\system32\bakcfs\
C:\WINDOWS\system32\msicn\
Delete all of these that you can find.
Check whether there is a ube.exe under C:\WINDOWS\system32\msicn; it seems to be an uninstaller, give it a try.
早上的月亮 - 2006-2-22 14:13:00
Quote:
[命运里の金色's post] [Reply to "早上的月亮"'s post]
C:\WINDOWS\system32\msibm  (I think I already deleted this folder.)
C:\WINDOWS\system32\spoolsv\  (This folder comes back after I delete it, and there's also a spoolsv.exe that can't be deleted.)
C:\WINDOWS\system32\bakcfs\  (Deleted this folder.)
C:\WINDOWS\system32\msicn\  (This folder is write-protected and can't be deleted.)
Delete all of these that you can find.
Check whether there is a ube.exe under C:\WINDOWS\system32\msicn; it seems to be an uninstaller, give it a try.
...........................
There is a ube.exe, but nothing happens when I click it...
叶子MM - 2006-2-23 15:21:00
HijackThis_zww汉化版扫描日志 V1.99.1
保存于      15:10:59, 日期 2006-2-23
操作系统:  Windows 2000 RC 1.1 (WinNT 5.00.2195)
浏览器:    Internet Explorer v5.00 (5.00.2920.0000)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
E:\RISING\RAV\Ravmond.exe
E:\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\DNTUS26.EXE
C:\WINDOWS\System32\svchost.exe
E:\Rising\Rav\RavService.exe
C:\WINDOWS\system32\regsvc.exe
E:\RISING\RAV\CCenter.exe
C:\WINDOWS\system32\MSTask.exe
C:\Program Files\Common Files\COMM\Network.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\explorer.exe
E:\Rising\Rav\RavTimer.exe
E:\Rising\Rav\RavMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\RUNDLL32.exe
E:\3721\assistse.exe
E:\Rising\Rav\RavTray.exe
C:\WINDOWS\System32\internat.exe
C:\WINDOWS\System32\conime.exe
\192.168.0.150\新建文件夹\HijackThis\HijackThis1991zww.exe
E:\Rising\Rav\Rav.exe

R3 - URLSearchHook: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - E:\3721\Assist\asbar.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\AdPlus\IEHelp1.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\System32\wmpdrm.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - E:\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - E:\3721\Assist\asbar.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - E:\Yahoo!\ASSIST~1\Assist\yasbar.dll
O3 - IE工具栏增项: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - E:\3721\Assist\asbar.dll
O4 - 启动项HKLM\\Run: [RavTimer] E:\Rising\Rav\RavTimer.exe
O4 - 启动项HKLM\\Run: [RavMon] E:\Rising\Rav\RavMon.exe -system
O4 - 启动项HKLM\\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - 启动项HKLM\\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe E:\3721\helper.dll,Rundll32
O4 - 启动项HKLM\\Run: [spoolsv] C:\WINDOWS\System32\spoolsv\spoolsv.exe -printer
O4 - 启动项HKLM\\Run: [mscfs] RUNDLL32 C:\WINDOWS\System32\msibm\cfsys.dll,cfs
O4 - 启动项HKLM\\Run: [assistse] "E:\3721\assistse.exe"
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [AddrPlus3] C:\PROGRA~1\TENCENT\AdPlus\Runner.exe C:\PROGRA~1\TENCENT\AdPlus\QAHook1.dll Rundll32
O4 - 启动项HKLM\\Run: [RavTray] E:\Rising\Rav\RavTray.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - E:\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - E:\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - E:\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - E:\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - 浏览器额外的按钮: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - 浏览器额外的按钮: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS]  网络实名
O11 - Options group: [TBH]  QQ地址栏搜索插件
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = erhua.cn
O17 - HKLM\System\CCS\Services\Tcpip\..\{14145C88-72B3-4046-A60E-103CDC1E5EF0}: NameServer = 192.168.0.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = erhua.cn
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = erhua.cn
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - NT 服务: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DNTUS26.EXE
O23 - NT 服务: RavService - Unknown owner - E:\Rising\Rav\RavService.exe" /service (file missing)
O23 - NT 服务: WINS Client (RpcPatch) - Unknown owner - C:\WINDOWS\System32\wins\DLLHOST.EXE (file missing)
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - E:\RISING\RAV\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\RISING\RAV\Ravmond.exe
O23 - NT 服务: Network System (Universal Disk Manager) - COMENET TECHNOLOGY - C:\Program Files\Common Files\COMM\Network.exe

icejieyun - 2006-2-23 15:34:00
I'm infected with Trojan.DL.Agent.eff. Experts, please help!!
Here is my log.

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      15:21:07, 日期 2006-2-23
操作系统:  Windows 2000 SP4 (WinNT 5.00.2195)
浏览器:    Internet Explorer v6.00 (6.00.2600.0000)

当前运行的进程:         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
D:\Program Files\Tencent\qq\TIMPlatform.exe
D:\Program Files\Tencent\qq\QQ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\TTPlayer\TTPlayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\讯雷\Thunder.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINNT\msagent\AgentSvr.exe
E:\新建文件夹 (3)\HijackThis1991汉化版\HijackThis1991zww.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
R3 - URLSearchHook: QQ Search Hook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\AdPlus\IEHelp.dll (file missing)
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\system32\xunleibho_v13.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - (no file)
O2 - BHO: Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: BHOHelper Class - {472101C2-1109-43f4-9112-31F33E3F2127} - C:\PROGRA~1\360so\360so.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\qq\QQIEHelper.dll
O2 - BHO: DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: CBHelper Object - {8A4280AD-9B37-4922-A51D-73F3C3A32AF7} - C:\WINNT\system32\msibm\cfsbho.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\网计瓶快斐车礬\jccatch.dll (file missing)
O2 - BHO: DragSearch BHO - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\YiSou\yisoub.dll
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O3 - IE工具栏增项: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - IE工具栏增项: 一搜工具条 - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\PROGRA~1\YiSou\yisou.dll (file missing)
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [helper.dll] C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - 启动项HKLM\\Run: [YLive.exe] rem C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [yassistse] rem "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - 启动项HKLM\\Run: [CnsMin] Rundll32.exe C:\WINNT\downlo~1\CnsMin.dll,Rundll32
O4 - 启动项HKLM\\Run: [360Main.exe] rem C:\PROGRA~1\360so\360Main.exe
O4 - 启动项HKLM\\Run: [AddrPlus2] rem RUNDLL32.EXE C:\PROGRA~1\TENCENT\AddrPlus\QAHook1.dll,Rundll32
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [AddrPlus3] C:\PROGRA~1\TENCENT\AdPlus\Runner.exe C:\PROGRA~1\TENCENT\AdPlus\QAHook.dll Rundll32
O4 - 启动项HKLM\\Run: [dmyco.exe] C:\WINNT\system32\dmyco.exe
O8 - IE右键菜单中的新增项目: !搜一搜 - res://C:\PROGRA~1\YiSou\yisou.dll/232
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - E:\讯雷\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - E:\讯雷\getallurl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\Tencent\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\Tencent\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\Tencent\qq\SendMMS.htm
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\cdnns.dll
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O11 - Options group: [CDNCLIENT]  中文上网
O11 - Options group: [TBH]  QQ地址栏搜索插件
O16 - DPF: {7253A666-8D4A-11D7-A4DC-00E04C504779} (BDC Control) - http://www.520xl.com/98/BDC.cab
O16 - DPF: {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} (photo_uploader Control) - http://upload.photo.163.com/photoup.cab
O16 - DPF: {AC3A36A8-9BFF-410A-A33D-2279FFEB69D2} (QQPlayer Control) - http://219.133.62.236/QQPlayer.cab
O16 - DPF: {F138084D-84D7-48CD-BEA8-04772457516E} (VqqSpeedDlProxy Class) - http://218.85.138.27/vqqsdl1009.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A0DA1A7-687B-49CC-8503-A6F4D0A01835}: NameServer = 85.255.114.109,85.255.112.153
O17 - HKLM\System\CS1\Services\Tcpip\..\{4A0DA1A7-687B-49CC-8503-A6F4D0A01835}: NameServer = 85.255.114.109,85.255.112.153
O17 - HKLM\System\CS2\Services\Tcpip\..\{4A0DA1A7-687B-49CC-8503-A6F4D0A01835}: NameServer = 85.255.114.109,85.255.112.153
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: QQFace (Universal Disk Manager) - Unknown owner - C:\Program Files\Common Files\SAND\qqfacerclient.exe (file missing)

命运里の金色 - 2006-2-23 17:02:00
[Reply to "叶子MM"'s post]
Carry out the following steps in Safe Mode

O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\System32\wmpdrm.dll
O4 - 启动项HKLM\\Run: [spoolsv] C:\WINDOWS\System32\spoolsv\spoolsv.exe -printer
O4 - 启动项HKLM\\Run: [mscfs] RUNDLL32 C:\WINDOWS\System32\msibm\cfsys.dll,cfs
O23 - NT 服务: WINS Client (RpcPatch) - Unknown owner - C:\WINDOWS\System32\wins\DLLHOST.EXE (file missing)
O23 - NT 服务: Network System (Universal Disk Manager) - COMENET TECHNOLOGY - C:\Program Files\Common Files\COMM\Network.exe
Fix the entries above with HijackThis, with the browser closed

Delete the executable
C:\WINDOWS\System32\wins\DLLHOST.EXE

Delete the DLL file
C:\WINDOWS\System32\wmpdrm.dll

Delete the folders
C:\WINDOWS\system32\msibm
C:\WINDOWS\system32\spoolsv\
C:\WINDOWS\system32\bakcfs\
C:\WINDOWS\system32\msicn\
C:\Program Files\Common Files\COMM\
I suggest uninstalling 3721 and 网络实名.
命运里の金色 - 2006-2-23 17:12:00
[Reply to "icejieyun"'s post]
Carry out the following steps in Safe Mode
R3 - URLSearchHook: QQ Search Hook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\AdPlus\IEHelp.dll (file missing)
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - (no file)
O2 - BHO: BHOHelper Class - {472101C2-1109-43f4-9112-31F33E3F2127} - C:\PROGRA~1\360so\360so.dll
O2 - BHO: CBHelper Object - {8A4280AD-9B37-4922-A51D-73F3C3A32AF7} - C:\WINNT\system32\msibm\cfsbho.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\网计瓶快斐车礬\jccatch.dll (file missing)
O3 - IE工具栏增项: 一搜工具条 - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\PROGRA~1\YiSou\yisou.dll (file missing)

O4 - 启动项HKLM\\Run: [360Main.exe] rem C:\PROGRA~1\360so\360Main.exe
O4 - 启动项HKLM\\Run: [dmyco.exe] C:\WINNT\system32\dmyco.exe
O23 - NT 服务: QQFace (Universal Disk Manager) - Unknown owner - C:\Program Files\Common Files\SAND\qqfacerclient.exe (file missing)
Fix the entries above with HijackThis, with the browser closed

Delete the executable
C:\WINNT\system32\dmyco.exe (send it to virusdied@yahoo.com.cn)

Delete the folders
C:\WINDOWS\system32\msibm
C:\WINDOWS\system32\spoolsv\
C:\WINDOWS\system32\bakcfs\
C:\WINDOWS\system32\msicn\
C:\Program Files\Common Files\SAND\
C:\Program Files\360so\
C:\Program Files\YiSou

I suggest uninstalling Yahoo Assistant (雅虎助手) and 网络实名.
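As an added example (my own code, not from this thread or any poster), a small Python triage script that parses HijackThis lines in both the English v1.99.1 layout and the zww Chinese-localised layout seen in the logs above, and flags the entries the two replies above told posters to fix: the wmpdrm BHO, the spoolsv and msibm Run keys, the Universal Disk Manager and RpcPatch services, and anything pointing into the dropped folders. The sample log lines are copied from this thread; the rule set, constants and function names are my own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# One HijackThis entry. The section code is identical in the English v1.99.1
# layout ("O4 - HKLM\..\Run: ...") and the zww Chinese build seen in the
# thread ("O4 - 启动项HKLM\\Run: ..."), so one regex serves both.
ENTRY_RE = re.compile(r"^(R\d|O\d{1,2}) - (.*)$")
# A drive-letter path ending in exe/dll/ocx. Directory names may contain
# spaces but not ':' or ',', so two paths on one line (rundll32.exe followed
# by the DLL it loads) come back as two matches instead of one.
PATH_RE = re.compile(r'[A-Za-z]:\\(?:[^\\":,]+\\)*[^\\":,]*?\.(?:exe|dll|ocx)',
                     re.IGNORECASE)

# Locations the responders in this thread told posters to delete (lower case).
# Any entry whose path points into one of them is flagged.
DROP_LOCATIONS = (
    "\\system32\\msibm\\", "\\system32\\spoolsv\\", "\\system32\\bakcfs\\",
    "\\system32\\msicn\\", "\\system32\\wmpdrm.dll",
    "\\system32\\wins\\dllhost.exe", "\\system32\\dmyco.exe",
    "\\common files\\comm\\", "\\common files\\sand\\",
)
# O23 service names the responders flagged regardless of the binary's path.
BAD_SERVICE_NAMES = ("universal disk manager", "rpcpatch")


@dataclass
class Entry:
    code: str                                # "O2", "O4", "O23", ...
    body: str                                # text after "Oxx - "
    paths: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for headers and process-list lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    return Entry(code, body, PATH_RE.findall(body))


def reasons_for(entry: Entry) -> List[str]:
    """Apply the triage rules; an empty list means nothing to fix."""
    reasons = []
    for p in entry.paths:
        low = p.lower()
        if any(loc in low for loc in DROP_LOCATIONS):
            reasons.append(f"path named in thread as trojan component: {p}")
        # The real Print Spooler is system32\spoolsv.exe and runs as a service,
        # not from a Run key. A Run key launching a spoolsv.exe from a
        # subfolder is the pattern the thread kept hitting.
        if (entry.code == "O4" and low.endswith("\\spoolsv.exe")
                and not low.endswith("\\system32\\spoolsv.exe")):
            reasons.append(f"Run key launches spoolsv.exe outside system32: {p}")
    if entry.code == "O23" and any(n in entry.body.lower() for n in BAD_SERVICE_NAMES):
        reasons.append("service name flagged in thread")
    return reasons


def triage(log: str) -> List[Tuple[str, List[str]]]:
    """Return (line, reasons) for every entry that trips at least one rule."""
    hits = []
    for line in log.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            reasons = reasons_for(entry)
            if reasons:
                hits.append((line.strip(), reasons))
    return hits


# Constructed sample input: lines copied from the logs posted in this thread
# (a mix of the English and zww-localised formats) plus two benign Rising entries.
SAMPLE_LOG = r"""
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\System32\wmpdrm.dll
O4 - 启动项HKLM\\Run: [spoolsv] C:\WINDOWS\System32\spoolsv\spoolsv.exe -printer
O4 - 启动项HKLM\\Run: [mscfs] RUNDLL32 C:\WINDOWS\System32\msibm\cfsys.dll,cfs
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O23 - NT 服务: WINS Client (RpcPatch) - Unknown owner - C:\WINDOWS\System32\wins\DLLHOST.EXE (file missing)
O23 - NT 服务: Network System (Universal Disk Manager) - COMENET TECHNOLOGY - C:\Program Files\Common Files\COMM\Network.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
"""

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    ->", r)
```

Running it over a full log lists only the entries worth acting on, so a poster can check the fixes above against their own log before booting into Safe Mode.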
叶子MM - 2006-2-23 17:15:00
C:\WINDOWS\system32\spoolsv\
This folder can't be deleted; as soon as I delete it, it comes back.
And I'm sure I've already fixed this entry.
命运里の金色 - 2006-2-23 17:39:00
[Reply to "叶子MM"'s post] Go into Safe Mode and, following what's in my reply, finish fixing and deleting everything I told you to.

Safe Mode: when you power on or restart, keep pressing F8 until you see the Safe Mode option.
Actually, if you know what you're doing, it's just pressing F8 after POST.
帕拉丁 - 2006-2-23 17:56:00
I'm also infected with Trojan.DL.Agent.eff. Experts, please help!!
Here is my log.

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      17:53:41, 日期 2006-2-23
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
c:\program files\rising\rfw\rfwsrv.exe
C:\Program Files\rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\rising\Rav\RavStub.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\rising\Rav\RavTask.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\rising\Rav\Ravmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Maxthon\Maxthon.exe
E:\安装\2535952005811174944\HijackThis1991zww.exe

R3 - 默认的URLSearchHook丢失。用HijackThis修复
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v8.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\system32\NaviHelper.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162}? - (no file)
O2 - BHO: Helper Class - {6E28339B-7A2A-47B6-AEB2-197004272379} - C:\WINDOWS\vchelper.dll
O2 - BHO: BHelper - {8A4280AD-9B37-4922-A51D-73F3C3A32AF7} - C:\WINDOWS\system32\msibm\cfsbho.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\download\FlashGet\jccatch.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - IE工具栏增项: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\BitComet\BitCometBar\BitCometBar0.3.dll
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [mscfs] RUNDLL32 C:\WINDOWS\system32\msibm\cfsys.dll,cfs
O4 - 启动项HKLM\\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O4 - 启动项HKLM\\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - 启动项HKLM\\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 下载页面上的ED2(&K)链接 - C:\Program Files\eMule\ed2k.html
O8 - IE右键菜单中的新增项目: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - IE右键菜单中的新增项目: 使用影音传送带下载 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - IE右键菜单中的新增项目: 使用影音传送带下载全部链接 - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\Program Files\download\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\Program Files\download\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files\浩方对战平台\GameClient.exe
O9 - 浏览器额外的按钮: TOL24 - {345ff7d8-2364-4ef7-889b-7d3c1d0bd342}? - http://www.TOL24.com (file missing)
O9 - 浏览器额外的按钮: 常用网址 - {36B39F01-7B48-44AD-A165-5849CD8EF562} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.EXE
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\download\FlashGet\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\download\FlashGet\flashget.exe
O9 - 浏览器额外的按钮: 易趣购物 - {DE607142-AC19-422e-860A-0D70ABDF119A}? - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - 浏览器额外的“工具”菜单项: 易趣购物 - {DE607142-AC19-422e-860A-0D70ABDF119A}? - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? - C:\Program Files\Tencent\qq\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? - C:\Program Files\Tencent\qq\QQIEHelper.dll
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的按钮: 提取资源 - {56A95C8B-0988-412B-BF2A-E7CDF3D73D30} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - 浏览器额外的“工具”菜单项: 用 Jerk Flash V2 提取该页资源 - {56A95C8B-0988-412B-BF2A-E7CDF3D73D30} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E27F750C-2CA9-406B-9074-1A325CBD5848}: NameServer = 202.103.96.112
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe